
Lethe Tech Solutions, 1

Week 14
Work order
March 2016
NTW216

This Report Was Prepared by:


Lethe Tech Solutions
Marie Whiting
System Administrator and Security Analyst


Table of Contents
Executive Summary:
Document Properties:
Version Control:
CASE PROJECTS
Case Project 11-1: Obtaining Baselines
Case Project 11-2: Using Monitoring Tools
Case Project 11-3: Monitoring Database Reliability
Case Project 11-4: Creating a Performance Monitor Strategy
References


Executive Summary:
Per your direction to launch a Computer Reliability initiative, this report documents
steps that should be undertaken in order to assess reported issues in your network,
particularly with network and server slowdowns and database crashes. In order to create a
plan that will address these issues, it is necessary to develop a network baseline in order to
document the network behaviors. Once the performance of the network is logged over
seven days using network monitoring tools at all levels and on all devices, and an analysis
conducted, a plan can be put into place to address the problem areas.

Document Properties:
Name             Title
Classification   Confidential
Version          1.1
Authors          Marie Whiting
Reviewed By
Approved By
Date Approved

Version Control:
Version   Date                Authors         Description
1.0       17 December, 2016   Marie Whiting   First Draft


Scenario
Alterrain manufactures high-end mountain bikes with models for general recreational use and specialty
models for racing. Alterrain products are sold throughout North America and Europe. The company operates from
an office building adjacent to its manufacturing building. A centralized server and network operations room in the
office building is fully networked, as is the manufacturing building. The office building houses management along
with the Marketing, Accounting, and Research and Design departments. The Manufacturing, Inventory, and
Shipping departments are housed in the manufacturing building. Network communications in the office building are
largely wireless, but the servers use cable connections to the network and are protected behind a router. The
manufacturing building has a cable network because the machinery used in the building and the building structure
are not well suited for dependable wireless communications.
Alterrain has 12 Windows Server 2008 servers that include Standard, Enterprise, Web Server, and
Datacenter Editions. The company employees use a combination of Windows Vista, Windows XP, and Linux
desktop computers. Because the company has recently experienced network and server problems, management has
decided to launch a Computer Reliability initiative. The goal of this program is to minimize computer interruptions
and maximize user productivity. As part of the initiative, they have hired you through Aspen Consulting to help put
into place reliability measures.

CASE PROJECTS

Case Project 11-1: Obtaining Baselines


Issue: network and server problems. The goal is to minimize computer interruptions and maximize
user productivity.
Background Information



Resources have focused on reacting to user requests by upgrading the servers and
network equipment. The first step in launching a Computer Reliability initiative is to obtain
baseline data. Before any improvements can be suggested, network baselining will provide a
measure of how the network is behaving in real time.
Getting Started
This will involve testing and reporting of the physical connectivity, normal network
utilization, protocol usage, peak network utilization, and average throughput of the network
usage (Network baselining, 2016) and creating a set of metrics used in network performance
monitoring to define the normal working conditions of an enterprise network infrastructure
(Brandenburg, 2016). This will involve recording and analyzing all of the network traffic,
performance, and patterns and comparing this information to expected behavior as opposed to
unknown traffic (McCreery, 2009). If it is determined that more bandwidth is needed, then
the legitimate reason for the increase should be documented so that the increase is not due to
employees streaming music or videos. Other questions that should be addressed in gathering the
baseline data include the following:
How many people are talking to a particular network?
What protocols are going across the network?
How much bandwidth does a particular application use in general?
What is latency on the network for a particular application?
Traffic: WAN links, Internet, business critical applications, to/from critical systems,
backup traffic



(McCreery, 2009)

Baselines must be chosen that will meet the goal of minimizing computer
interruptions and maximizing user productivity. It is important to understand the baselines and the
benchmarks of the particular application servers, clients on the network, and the overall health of
the network from a utilization perspective (McCreery, 2009). If the company is using the
Information Technology Infrastructure Library (ITIL) framework, there are tools available that
can be used; otherwise, tools can be selected that best fit the needs of the company
(Brandenburg, 2016).
Next Steps
One place to start in obtaining the baseline data is with the vendors, who can provide a list
of the devices and what tools would best support the initial monitoring. Cisco, for example,
recommends not exceeding 60% of CPU utilization on its routers and has published an SNMP
message to monitor that statistic (Brandenburg, 2016). Brandenburg (2016) recommends the
following: consider both physical and virtual devices, use data capture or sniffing tools [to]
capture the entire stream of network data, and get samples with sFlow/NetFlow monitoring. Plan on
about seven days of monitoring in order to gather the most accurate information.

Case Project 11-2: Using Monitoring Tools


Immediate Goal
Create a new employee guide which provides an overview of the monitoring tools in a
Windows 2008 Server. Include the following tools:


Task Manager
Performance Monitor
Reliability Monitor
Data Collector Sets
Windows Server 2008 Background and Information
Since the goal of the monitoring tools is to provide data regarding how quickly a
computer completes application and system tasks, the Windows Reliability and Performance
Monitor tool is an initial starting place (Performance and Reliability Monitoring Getting Started
Guide for Windows Server 2008, 2007). This will also provide information on the resources
available for various applications. Another component to be aware of is reliability, which
is the measure of how often the system operates as it is configured and expected to
perform. Reliability can be reduced when applications stop responding, services stop and restart,
drivers fail to initialize, or in the worst case, when operating systems fail (Performance and
Reliability Monitoring Getting Started Guide for Windows Server 2008, 2007).
Task Manager
The Task Manager provides an instant view of the system's resources, such as memory
usage, process activity, processor activity, network activity, user info, and resource consumption
(Using the Windows Server 2008 Task Manager for Logging and Debugging, 2010). The six tabs
across the top give the user access to information regarding applications, processes, services,
performance, networking, and users.


(Using the Windows Server 2008 Task Manager for Logging and Debugging, 2010)
Performance Monitor
One feature of the Performance Monitor is its ability to create a configuration for a log
and save it as a template which can be used on other computers. In addition, there is a resource
view that shows the user a graphical overview of CPU, disk, network, and memory usage. By
expanding each of these monitored elements, you can identify which processes are using which
resources. In previous versions of Windows, this real-time, process-specific data was only
available in limited form in Task Manager (Performance and Reliability Monitoring Getting
Started Guide for Windows Server 2008, 2007).
Reliability Monitor
The Reliability Monitor tool uses an index to document when problems compromise the
stability of the network. A graph is produced with the dates so that the causes of the disruption
can be further delved into. It may be that an application was installed or deleted at that time,
or that there was an update to the operating system (Performance and Reliability Monitoring
Getting Started Guide for Windows Server 2008, 2007).

(Posey, 2009)
Data Collector Sets
Windows Server 2008 has Data Collector Sets, which group data collectors into
reusable elements for use with different performance monitoring scenarios. This tool can create
logs, load them in Performance Monitor to see the data in real time, and save a set as a template
to use on other computers (Performance and Reliability Monitoring Getting Started Guide for
Windows Server 2008, 2007).


(Pyle, 2010)

Case Project 11-3: Monitoring Database Reliability


Scenario Issues
Recently, the inventory database has gone down frequently causing a disruption in the
company. The end users have noticed that this seems to happen when there are upgrades or
patches to the software. These, however, are just general observations since no log has been kept
documenting the exact days and times which could then be correlated to specific events.
Preliminary Questions
Some questions come to mind immediately. Pursuing answers to these will in turn lead to
further questions.
What software (one or more packages) is involved, and is it critical to the smooth running of the company?
Who is the vendor?



Are there documented vulnerabilities or technical errors with the software that are causing the
frequent updates/patches? If so, this may not be the best software/vendor to use.
Why are there so many updates/patches?
Is it the same set of problems or are they different issues that are being addressed?
Are there alternate solutions or software with other companies that would be more efficient?
Has anyone contacted the vendor or researched similar problems with the software?
Investigation
One known update has caused major performance issues with any Microsoft
Access application with a SQL Server backend (any version) (Myher, 2014). If this update was
found to be the cause of the downtime, for example, then removing the update will correct the
issue. It is this specific type of information that is needed in order to address the concern that
the server with the inventory database is frequently going down.

(Myher, 2014)



Case Project 11-4: Creating a Performance Monitor Strategy
Assigned Task
The final task is to narrow down the number of Performance Monitor objects consistently
utilized between all servers. With the same five or six objects chosen with which to establish a
baseline, data can be compared between each server in order to more likely pinpoint problem
software, applications and/or devices. These performance counters are measurements of system
state or activity. They can be included in the operating system or can be part of individual
applications. Windows Performance Monitor requests the current value of performance counters
at specified time intervals (Windows Performance Monitor, 2016).

Background Information
The Windows Server utilized for this scenario is Microsoft's 2008 version. It is the first
operating system that is a 64-bit only server (Kappel, 2016). The server has at least 60 basic
performance objects and each object contains multiple counters (Choy, 2008). A slow system, as
is occurring with this company, may be caused by problems in five major areas according to
Choy (2008), who also lists counters that should be used.
Performance Monitor Objects
Hard Disk Bottleneck
This slowdown issue affects the disk usage and speed [and] will have a big impact on the
server's overall performance (Choy, 2008). There are at least six counters that can be used.
However, a few that are used to analyze disk monitoring are listed below.


LogicalDisk\% Free Space -- This is a measurement of the available free space on the disk
which, optimally, should be above 15%.
PhysicalDisk\Avg. Disk Sec/Read -- The disk system should have the ability to read the
information within 10-25 milliseconds (ms). If this is not happening, a faster disk system should
be installed.
PhysicalDisk\Avg. Disk Queue Length -- The number of I/O operations waiting to be processed
should not be larger than two times the number of spindles (Choy, 2008).

Memory Bottleneck
This type of problem has to do with inadequate RAM, a memory leak, or a memory switch
placed inside the boot.ini (Choy, 2008).
Memory\Available MBytes -- The physical memory available should be less than 5 percent of
the total physical RAM. The solution, if this is part of the problem, is to add more memory.
Memory\Pool Non-Paged Bytes -- When objects are not written to the disk, they remain in
physical memory. There is a possible memory leak if the value is greater than 175MB (or
100MB with the /3GB switch) (Choy, 2008).
Memory\Pages per Second -- Pages are read or written to a disk at a certain rate. If this value is
greater than 1,000, as a result of excessive paging, there may be a memory leak (Choy, 2008).
Processor Bottleneck
If the processor does not have enough power or if an application does not perform well, it may
become overloaded.
Processor\% Processor Time -- Documenting the time it takes for a processor to execute a
function is a good determinant of whether or not the processor is overwhelmed.
Processor\% User Time -- Time must be divided appropriately between the application and the
user. One possible solution here is to optimize the application that is using up the processor
resources (Choy, 2008).
System\Processor Queue Length -- If the threads in the queue exceed twice the number of CPUs,
this demonstrates that the processor does not have enough power.



Network Bottleneck
The network is the heart of sending and receiving the traffic on the system. If the network card is
not working properly or the system is saturated, this issue needs to be addressed to improve
network efficiency.
Network Interface\Bytes Total/Sec -- This counter measures the rate at which bytes are sent and
received over each network adaptor (Choy, 2008). Solutions to this issue will include
segmenting the network or installing a faster network card.
Network Interface\Output Queue Length -- The output packet lengths are measured. There is a
problem if the saturation is more than two.
Process Bottleneck
Processes that are misbehaving or non-optimized will slow down the efficiency of the server
(Choy, 2008).
Process\Handle Count -- Handles that are open should be less than 10,000.
Process\Thread Count -- The number of active threads should be less than 500.
Process\Private Bytes -- Some memory is allocated to a certain process and cannot be shared.
This should be less than 250.
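
The strategy in Case Project 11-4, one fixed counter set applied to every server so results can be compared, can be sketched as follows. This is an added example, not part of the original report: it reads a constructed log in the PDH-CSV layout that Performance Monitor uses for CSV logs and checks four of the counters above against the limits quoted from Choy (2008). The server names, CPU and spindle counts, and sample values are assumptions; Memory\Pages/sec is the logged name of the counter the report calls Pages per Second.

```python
import csv
import io
import re
from collections import defaultdict

# Limits quoted in this report from Choy (2008): (direction, limit given hardware facts).
RULES = {
    r"\LogicalDisk(C:)\% Free Space": ("min", lambda hw: 15.0),
    r"\PhysicalDisk(_Total)\Avg. Disk Queue Length": ("max", lambda hw: 2 * hw["spindles"]),
    r"\Memory\Pages/sec": ("max", lambda hw: 1000.0),
    r"\System\Processor Queue Length": ("max", lambda hw: 2 * hw["cpus"]),
}

# Hypothetical inventory (assumed values, not from the report).
HARDWARE = {"SRV01": {"cpus": 4, "spindles": 2}, "SRV02": {"cpus": 2, "spindles": 1}}

# Constructed sample in PDH-CSV layout; a blank cell means no value for that sample.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Eastern Standard Time)(300)","\\SRV01\LogicalDisk(C:)\% Free Space","\\SRV01\Memory\Pages/sec","\\SRV01\System\Processor Queue Length","\\SRV02\LogicalDisk(C:)\% Free Space","\\SRV02\Memory\Pages/sec","\\SRV02\System\Processor Queue Length"
"03/14/2016 09:00:00.000","42.1"," ","1","13.9"," ","3"
"03/14/2016 09:01:00.000","42.0","120","2","13.8","1450","5"
"03/14/2016 09:02:00.000","41.9","80","1","13.8","300","2"
'''

def load_samples(text):
    """Return {(server, counter_path): [values]} from a PDH-CSV log."""
    rows = csv.reader(io.StringIO(text))
    header = next(rows)[1:]  # column 0 is the timestamp
    keys = [re.match(r"\\\\([^\\]+)(\\.+)", h).groups() for h in header]
    series = defaultdict(list)
    for row in rows:
        for key, cell in zip(keys, row[1:]):
            if cell.strip():  # skip samples with no value
                series[key].append(float(cell))
    return series

def baseline(series, hardware):
    """Per server and counter: mean, worst value, limit, and whether the limit was crossed."""
    report = {}
    for (server, counter), values in series.items():
        if counter not in RULES:
            continue  # only the agreed counter set is compared across servers
        kind, limit_fn = RULES[counter]
        limit = limit_fn(hardware[server])
        worst = min(values) if kind == "min" else max(values)
        breached = worst <= limit if kind == "min" else worst > limit
        report[(server, counter)] = {"mean": sum(values) / len(values), "worst": worst,
                                     "limit": limit, "breached": breached}
    return report

def breaches(report):
    """Sorted (server, counter) pairs that crossed a limit."""
    return sorted(key for key, stats in report.items() if stats["breached"])
```

Because the processor and disk queue limits scale with each server's CPU and spindle count, the same queue length can be acceptable on one server and a breach on another.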


References
Brandenburg, M. (2016). How to set a network performance baseline for network monitoring.
Search Networking. Retrieved June 9, 2016 from
http://searchnetworking.techtarget.com/How-to-set-a-network-performance-baseline-for-network-monitoring
Choy, S. (2008). Taking Your Server's Pulse. TechNet Magazine. Retrieved June 10, 2016 from
https://technet.microsoft.com/en-us/magazine/2008.08.pulse.aspx
Kappel, J. (2016). FAQ: Windows Server 2008 R2 performance monitoring. Retrieved June 10,
2016 from http://searchitchannel.techtarget.com/feature/FAQ-Windows-Server-2008-R2-performance-monitoring
McCreery, T. (2009, February 26). Getting network baselining right. Network World. Retrieved
June 9, 2016 from http://www.networkworld.com/article/2263688/tech-primers/getting-network-baselining-right.html
Myher, D. (2014). Security Update MS14-066 causes major performance problems in Microsoft
Access / SQL Server applications. https://darrenmyher.com/2014/11/13/security-update-ms14-066-causes-major-performance-in-microsoft-access-sql-server-applications/
Network baselining. (2016). Webopedia. Retrieved June 9, 2016 from
http://www.webopedia.com/TERM/N/network_baselining.html



Performance and Reliability Monitoring Getting Started Guide for Windows Server 2008. (2007,
April 25). Microsoft. Retrieved June 10, 2016 from https://technet.microsoft.com/en-us/library/cc771692%28v=ws.10%29.aspx
Posey, B. (2009, January 8). Performance Monitoring the Easy Way, Part 1. Petri. Retrieved June
10, 2016 from https://www.petri.com/performance-monitoring-easy-way-part-1
Pyle, N. (2010, June 8). Son of SPA: AD Data Collector Sets in Win2008 and beyond. Microsoft
blog. Retrieved June 10, 2016 from
https://blogs.technet.microsoft.com/askds/2010/06/08/son-of-spa-ad-data-collector-sets-in-win2008-and-beyond/
Using the Windows Server 2008 Task Manager for Logging and Debugging. (2010, May 6).
Windows Server Help. Retrieved June 10, 2016 from
http://www.winserverhelp.com/2010/05/using-windows-server-2008-r2-task-manager-for-logging-and-debugging/
Windows Performance Monitor. (2016). Microsoft. Retrieved June 10, 2016 from
https://technet.microsoft.com/en-us/library/cc749249(v=ws.11).aspx
